Initial commit - 611 cybersecurity skills across all subdomains

This commit is contained in:
mukul975
2026-02-25 10:47:44 +01:00
commit 22a7ab1462
1765 changed files with 280648 additions and 0 deletions
@@ -0,0 +1,22 @@
# Standards Reference: Android Intent Vulnerabilities
## OWASP Mobile Top 10 2024
| ID | Risk | Intent Relevance |
|----|------|-----------------|
| M4 | Insufficient Input/Output Validation | Intent parameter injection |
| M8 | Security Misconfiguration | Exported components without permission guards |
## OWASP MASVS v2.0 - MASVS-PLATFORM
| Control | Test |
|---------|------|
| MASVS-PLATFORM-1 | Verify exported components require appropriate permissions |
| MASVS-PLATFORM-2 | Verify intent data is validated before processing |
## CWE Mappings
| CWE | Title | Vector |
|-----|-------|--------|
| CWE-926 | Improper Export of Android Application Components | Exported without permission |
| CWE-927 | Use of Implicit Intent for Sensitive Communication | Sensitive data in implicit intents |
| CWE-925 | Improper Verification of Intent by Broadcast Receiver | Missing sender verification |
| CWE-89 | SQL Injection | Content provider query injection |
| CWE-22 | Path Traversal | Content provider path traversal |
@@ -0,0 +1,17 @@
# Workflows: Android Intent Vulnerability Testing
## Workflow 1: IPC Security Assessment
```
[Decompile APK] --> [Parse AndroidManifest] --> [Enumerate exported components]
|
+------------------+------------------+
| | | |
[Activities] [Services] [Receivers] [Providers]
[Direct launch] [Bind/Start] [Trigger] [Query/Inject]
[Auth bypass?] [Data exfil?] [Sniff?] [SQLi? Traversal?]
| | | |
+------------------+------------------+
|
[PendingIntent audit]
[Report findings]
```